[squid-users] SQUID problem with unavailability of Google services
A. Pechenin
alexmrrc at gmail.com
Sun Dec 22 20:13:50 UTC 2024
Thank you for your clarification.
But could you please explain in more detail and in my case what needs to be
added to "strengthen and ensure" the operation of my solution?
The quote from the file squid.conf.documented is not very clear to me.
# # # First, mark transactions accepted after aclX matched
# # acl markSpecial annotate_transaction special=true
# # http_access allow acl001
# # ...
# # http_access deny acl100
# # http_access allow aclX markSpecial
вс, 22 дек. 2024 г. в 22:47, Alex Rousskov <rousskov at measurement-factory.com
>:
> On 2024-12-22 08:13, A. Pechenin wrote:
> > The reason and solution were not simple and obvious at first glance.
> > I have two providers accessing the gateway, the main and backup
> > channels, and automatic switching is configured when the connection on
> > the main channel is lost.
> > To check, I switched the proxy server to the second channel and the
> > problem with partial unavailability of Google services was solved.
> >
> > I returned it back, used a simple formula in the configuration file with
> > subsequent partial adjustment of ipfw.
>
> Glad you found a solution! Diagnosing problems related to CONNECT
> tunnels is difficult because Squid (playing a role of a dumb TCP relay)
> is often unaware of problems experienced by clients and origin servers.
>
>
> > # Google via ISP2
> > acl google dstdomain .google.com
> > tcp_outgoing_address REAL_IP_ISP2 google
>
> Please note that the above configuration usually "works" but is
> unreliable and unsupported: tcp_outgoing_address directive does not
> support slow ACLs and your ACL named google is a slow ACL.
>
> For a more reliable solution, consider annotating google-matching
> transaction at http_access check time and then using those annotations
> at tcp_outgoing_address check time. For a somewhat related example, look
> for "markSpecial" in squid.conf.documented or search this mailing list
> archives for annotate_transaction discussions.
>
>
> HTH,
>
> Alex.
>
>
> > сб, 21 дек. 2024 г. в 20:26, A. Pechenin <alexmrrc at gmail.com>:
> >
> > This week, when connecting users through a proxy server, some Google
> > services became inaccessible, such as Calendar, Translator, user
> > profile.
> >
> > When clicking on the services section in the browser on the Google
> > portal, the page does not open and then a connection error is
> > displayed. When directly going to the calendar section, the
> > connection also hangs for a long time without loading the page. At
> > the same time, the Google home page, mail, search work.
> >
> > Transparent proxying is not used.
> > Viewing the proxy server logs did not add any understanding, all
> > requests are processed correctly and no errors or prohibitions are
> > observed. There are no other problems with the unavailability of any
> > sites.
> >
> > When connecting directly (bypassing the proxy server), all Google
> > services work completely correctly.
> > The platform on which the problem was suddenly discovered:
> > FreeBSD 13.2-RELEASE-p9
> > Squid 6.6
> >
> > A new separate server was deployed for objectivity and finding the
> > cause, but the problem was also reproduced there, its platform.
> > FreeBSD 13.4-RELEASE-p2
> > Squid 6.10
> >
> > I tried using the default configuration file (recommended minimum
> > configuration) to eliminate the problem in my working squid.conf,
> > but the problem remained
> >
> > I repeat, the problem reproduced suddenly, no changes were made to
> > the proxy server configuration on our side, no problems with Google
> > have arisen for many years. What should I pay attention to in the
> > Squid configuration? Any idea
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > https://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20241222/097bebb2/attachment-0001.htm>
More information about the squid-users
mailing list